PIML 96050704 / Forwarded to Patriot Information Mailing List: Date: Sat, 04 May 1996 10:23:51 -0400 From: liberty@gate.net (Jim Ray) Subject: Announce: Windows PGP QuickStart -----BEGIN PGP SIGNED MESSAGE----- You may want to try this if you don't already use PGP due to the complexity of installation. Good luck, and let me know how it goes. JMR - From Joelm on cypherpunks: - ---------------------------------------------------------------- >Sender: owner-cypherpunks@toad.com >Precedence: bulk > >Due to a fair amount of demand from Private Idaho users who had >novice friends that wanted to use PGP, but were frustrated at the >installation and configuration process of the DOS version, I wrote >a Windows utility called PGP QuickStart. > >This is an extremely simple app that handholds the user from downloading PGP with their Web browser to creating key rings. It automatically unzips the files, creates the appropriate directory, and modifies the AUTOEXEC.BAT file. The user just follows easy to understand dialog boxes and clicks buttons. > >This is not a full-featured front-end. Its purpose is only to simplify the PGP installation process so a user can later use Private Idaho or any of the other Windows shells that are available. > >The beta version is located at: > >http://www.eskimo.com/~joelm/pi.html > >As with Private Idaho, this utility is free... PIdaho is incredibly cool software these days. You can create a "nym" for each one of your personalities (up to 8, "sorry Cybill") JMR Regards, Jim Ray "The FAA, FBI, Customs, CIA, Justice, DEA and the IRS were all involved in Mena. They won't say how they were involved, but they will tell you there is nothing there." -- Bill Plante, CBS News Correspondent, & Michael Singer, Producer, CBS News, New York. in Tuesday, May 3, 1994's Wall Street Journal letters to the editor section. _______________________________________________________________________ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Public Key id. # E9BD6D35 -- http://www.shopmiami.com/prs/jimray _______________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh. iQCVAwUBMYtn+W1lp8bpvW01AQGAOgQAtCxUfmCwcjqzkFrd+YcKj6cziDErm1zf 5nB852tVqb2p0ii01QA5VD1CMy5vmhXWVBXqZyzm7yhkCPUseldpBccE5cLnVNFF IRn2wlQmsZjelxzQloiyk+QeBRcHNLRSz5YP+MDoiunDK+9ZgeUN6abYRLlE+AKl oqEYxZx5nFA= =VXqt -----END PGP SIGNATURE----- ------------------------------------------------------------------ Subject: Re: PGP Date: Sun, 05 May 96 19:15:41 GMT From: unitest@AZStarNet.com References: Regarding your search for lessons and software, UniTesT resells Ventana Press's PGP Companion at a discount. Winfront PGP and SPECIFIC instructions WHERE to download PGP progam are all included, even shipping, for under 30 FRN's. Contact: UniTesT at: unitest@azstanet.com or call (520)751-1940 for more details. On 4/26/96 3:05AM, in message , "John Burr" wrote: > Winfront is an application that allows PGP 2.62 to run under windows. PGP > itself cannot run under Windows. You can get a copy of it along with PGP at > the MIT server or ViaCrypt Server on the WEB...search for PGP with your > browser. > > Yours in Liberty > John Edward: Burr > ------------------------------ > Date: 4/26/96 5:02 PM > From: Phillip E. Gerring > > >Is there anybody around that would be willing to e-mail me some short > >lessons on how to use PGP? > > > >I have version 2.2. Also, if there is a more recent version, could someone > >supply the URL from which to download it? > > > >Thanks, > > > >Daffydd MacNab > > There is a very easy to use commercial version of PGP sold by: > > ViaCrypt > 9033 North 24th Ave., Suite 7 > Phoenix, Arizona 85021-2847 > 602-944-0773 > > They make it for Windows, Macintosh, and Unix. I don't know > what it costs, it's what we've been using at work. > > -- Phil ------------------------------------------------------------------ Date: Sun, 05 May 1996 21:50:38 -0700 To: uwsa@shell.portal.com From: Bill Selmeier Subject: Warning: Deadly Black Widow on the Web Personally I am very enthusiastic about the prospects and uses for a technology such as JAVA. But at this time it is only prudent to take precautions until safety can be assured. The only list members at risk are those on native Internet accounts. Anyone on AOL, Prodigy, Compuserve or any on-line service can be sure that service will have to take the actions necessary to protect against a malicious use of JAVA. Bill >Date: Sun, 5 May 1996 17:42:54 -0400 (EDT) >X-Sender: mail06614@alterdial.uu.net >To: java@hpp.com >From: "Home Page Press, Inc." >Subject: Warning: Deadly Black Widow on the Web > >Deadly Black Widow on the Web: >Her Name is JAVA > >"Don't trust Java online" That's the message from computer >and Internet security watchdogs, in response to reports that >"hostile" Java applets are stalking the WWW. These malicious >applets can destroy data, interfere with mission critical intranets, >and gain access to sensitive data. > >"The situation is scary," said Stephen Cobb, Director of Special >Projects for the National Computer Security Association (NCSA). >"Software companies are releasing products on the Internet without >even considering the hacker perspective. Enterprise IT managers >have to understand there is a real danger allowing users to freely >access the WWW. They have to set up policy now to prevent users >from downloading malicious applets and viruses. Users should only >be allowed to access trusted domains and Web sites." > >According to the NCSA, "a malicious 'applet' can be written to >perform any action that the legitimate user can do. The security >enhancements announced by Sun Microsystems and Netscape do not >fix this flaw CERT (Computer Emergency Response Teams) >recommends disabling Java in Netscape Navigator [only Netscape >browsers are at issue] and not use Sun's 'appletviewer' to browse >untrusted web sites until patches are made available from the >vendors." The warnings apply to Netscape Navigator 2.0 and 2.01, >and Sun's HotJava browser. > >And according to a white paper being released by researchers at >Princeton University, "The Java system in its current form cannot >easily be made secure." The scientists, Drew Dean, Edward Felten >and Dan Wallach, will present their white paper at the 1996 IEEE >Symposium on Security, which starts in California Monday, May 6. > >According to the scientists, and other sources interviewed by Online >Business Consultant (OBC), innocent surfers on the Web who download >Java applets into Netscape's Navigator and Sun's HotJava browser, risk >having "hostile" applets interfere with their computers (consuming RAM >and CPU cycles) or, worse, having an applet connect to a third party on >the Internet to upload sensitive information from the user's computer. > >The scientists say that even firewalls, software designed to fence-off >LANs and Intranets from cyberthugs, are ineffective against the malicious >Java code . . . "because the attack is launched from behind the firewall." > >This information was made public some weeks back. However, the >browsing public, and particularly online business users, are ignorant >of the Java risks. In a survey conducted by OBC the vast majority of >Netscape users had no idea that Java applets presented a grave risk, >and many felt the proponents of Java as an Internet technology, >particularly Sun Microsystems, Inc. and Netscape Communications >Corporation, were not paying enough attention to the issue. "I have to >report this information to my senior executives," said one IT manager. >"They are especially anxious to have clarity on the (Java) security issue." > >"They are hoping the security issues will just go away," said another >responder, one of the few who has researched the security issue. "But it >will not. The hackers will continue to find the loopholes and exploit >the opportunities." > >OBC also interviewed hackers who have designed Java applets to turn >cancerous at a future date. Said one hacker: "Even legitimate Java applets >can be targeted on the Web and attacked. I have written a Java virus that >changes one line of code in a Java applet to render it useless." [A sample >of this type of hostile code is included in the complete Java report in the >May issue of OBC] > >A computer security expert, Mark Ladue, has set up a "Hostile Applets" >site on the Internet. The site is a free service to alert business to the >potential >dangers. "I've read that article by Dean, Felten, and Wallach, and I agreed >with what they had to say as far as they went, but I would paint the picture a >little more darkly. It's to the business community that they (Java applets) pose >the most serious threat." > >Back in March the Princeton group released the following Java report to >Sun Microsystems, Netscape and Cern: "We have discovered a serious >security problem with Netscape Navigator's 2.0 Java implementation. >[The problem is also present in the 1.0 release of the Java Development Kit >from Sun] An applet is normally allowed to connect only to the host from >which it was loaded. However, this restriction is not properly enforced. A >malicious applet can open a connection to an arbitrary host on the Internet. >At this point, bugs in any TCP/IP-based network service can be exploited. >We have implemented (as a proof of concept) an exploitation of an old >sendmail bug [to reproduce the problem]. > >Sun issued a patch that plugs the possibility of "spoofing." Netscape >modified its software (in version 2.00). However, Netscape's Navigator is >readily available in stores and countless millions of World Wide Web users >have no idea they are at serious risk. To date OBC has been unable to obtain >official response from Sun or Netscape. The following security claim is >extracted from their original white paper on Java: > >"Java is intended to be used in networked/distributed environments. Toward >that end, a lot of emphasis has been placed on security. Java enables the >construction of virus-free, tamper-free systems. The authentication techniques >are based on public-key encryption." > >However, the Princeton group states otherwise, "If the user viewing the >(Java) applet is behind a firewall, this attack can be used against any other >machine behind the same firewall. The firewall will fail to defend against >(Java) attacks on internal networks, because the attack originates behind the >firewall. > >"The immediate fix for this problem is to disable Java from Netscape's >'Security Preferences' dialog. An HTTP proxy server could also disable >Java applets by refusing to fetch Java '.class' files. We've sent a more >detailed >description of this bug to CERT, Sun, and Netscape." > >In light of this information, OBC feels it is prudent to avoid using the >Netscape Navigator browsers and logging on to insecure Java sites on the >Internet until complete safety can be confirmed. > >The complete Java report in the May issue of OBC also exposes the >mounting dangers of email being attacked by "Trojan horse" Java applets. > > ># # # > >The report above may be reprinted with credit provided as follows: > >Home Page Press, Inc., http://www.hpp.com and Online Business Consultant™ >Please refer to the HPP Web site for additional information about Java and OBC. >=========================================================== >............Home Page Press, Inc. http://www.hpp.com home of Go.Fetch™ >........Free TEXT version - Online Business Today email: obt.text@hpp.com >....Free PDF version - Online Business Today email: obt.pdf@hpp.com >OBC / Online Business Consultant, $595/year email: obc@hpp.com > > > Bill Selmeier bills@aimnet.com * Patriot Information Mailing List * A service to help inform those who have an active interest in * returning our federal and state governments to limited, * constitutional government * Send messages for consideration and possible posting to * butterb@sagenet.net (Bill Utterback). * To subscribe or unsubscribe, send message with subject line * "subscribe patriot" or "unsubscribe patriot" * Forwarded messages sent on this mailing list are NOT verified. * See World's Smallest Political Quiz: www.self-gov.org/quiz.html * Libertarian is to LIBERTY as librarian is to library (DePena) * PIML grants permission to copy and repost this message * in its entirety with headers and trailers left intact.